CVE-2025-6137 | TOTOLINK T10 4.1.8cu.5207 HTTP POST Request /cgi-bin/cstecgi.cgi setWiFiScheduleCfg desc buffer overflow

Inserito da Angelo Barbosa | Giu 15, 2025 | CVE

A vulnerability classified as critical has been found in TOTOLINK T10 4.1.8cu.5207. Affected is the function setWiFiScheduleCfg of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument desc leads to buffer overflow.

This vulnerability is traded as CVE-2025-6137. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

CVE-2025-6137 | TOTOLINK T10 4.1.8cu.5207 HTTP POST Request /cgi-bin/cstecgi.cgi setWiFiScheduleCfg desc buffer overflow

Post correlati

CVE-2024-29726 | SportsNET 4.0.1 /app/ax/setAsRead/ id sql injection

CVE-2024-5799 | CM Pop-Up Banners Plugin up to 1.7.2 on WordPress cross site scripting

CVE-2024-27041 | Linux Kernel up to 6.6.22/6.7.10/6.8.1 amdgpu_dm_fini null pointer dereference

CVE-2024-54233 | Enea Overclokk Advanced Control Manager Plugin up to 2.16.0 on WordPress cross site scripting